Facebook CEO Mark Zuckerberg's “pivot to privacy” announced in March seems to have been extra short-lived. That's if it existed at all, as Facebook is moving in the opposite direction, tampering with the very idea of any meaningful encryption.
End-to-end encryption, of course, is seen as a cornerstone of privacy online, as it protects communications exchanged between two parties by making them accessible only by the conversation's participants.
But now, the article, penned by Kalev Leetaru, argues that real surveillance can be achieved on the devices themselves, rendering end-to-end encryption bypassed and useless. A compromised device will broadcast such things as keystrokes and screenshots, working around encryption and the safety of the data that it affords users.
To prove this point, the article mentions Facebook's intention to start embedding “moderation and blacklisting algorithms” into a client like its messaging app WhatsApp, which otherwise offers its users encryption.
Facebook did not wish to comment on any of these assertions.
Earlier this year, Germany's Spiegel Online reported about a presentation Facebook held in Germany. The company at the time seemed to suggest, without confirming it, that it was building tools that would allow it to move “edge content moderation” – along with surveillance and censorship – onto the devices themselves.
Recent remarks by US Attorney General William Barr, who spoke in favor of deploying encryption backdoors – which many said reignited the decades-long encryption debate – seems to have also rekindled Leetaru's need to reiterate his point: the debate is a waste of time. And that's the case, he writes, because secure communications would be compromised on devices without the need to insert backdoors into encryption protocols themselves – with Facebook now reportedly pioneering this technology.
Referring to the process as on-device moderation, “moderation and blacklisting” algorithms would be run locally but receive updates from Facebook's centralized cloud platform – “scanning each clear-text message before it is sent and each encrypted message after it is decrypted.”
According to the report, Facebook also revealed that copies of decrypted content found to be in breach of its policies would be sent to its servers – “acting as true wiretapping service.”
Back in May, Facebook's Germany presentation came as the country's interior minister urged allowing the government access to encrypted content on apps that support this type of protection of communications.
Leetaru described the social media giant's ideas as a way to “prevent unauthorized speech before it is ever uttered.”
One of the tech giants always had been the weakest link that would give in to the onslaught of political and media pressure to weaken encryption, to allow law enforcement to spy on users identified as persons of interest or suspects.
Facebook has the most to lose – revenues relying on personal data of over two billion users – and thanks to the very same thing, the company also has the most to give to snooping governments.
Therefore it's not surprising that Leetaru identifies Facebook as that entity that would be the first to move ahead with encryption-bypassing tech and in this way “kill” encryption – but it remains to be seen if the ideas thrown around in presentations will come to pass.
In case they do, the Forbes contributor does not doubt that others, like hardware manufacturers and operating system makers, would surely follow and embed content filters that live on devices and can scan any app installed on them.
“Rather than grappling with how to defeat encryption, governments will simply be able to harness social media companies to perform their mass surveillance for them, sending them real-time alerts and copies of the decrypted content,” he writes.
The future is even grimmer, if this article is anything to go by, because in a world where this type of surveillance is normalized and widely implemented, any attempt at resistance in the form of manufacturing or using devices and operating systems unaffected by the scanning algorithms would eventually be outlawed.
“Thoughtfully designed solutions”
As for the encryption debate, rehashed last week by Attorney General Barr, FBI Director Christopher Wray promptly supported his argument that law enforcement should be able to gain access to target devices – but said that this did not mean any weakening of encryption “or cybersecurity more broadly.”
According to CNBC he also added that cryptologists are now telling the FBI that “there are solutions that could work to protect encryption, and fulfill law enforcement's need for accessing encrypted communications.”
In January 2018, Wray called for “thoughtfully designed” solutions to the problem of end-to-end encryption and also revealed that the year before, the FBI had attempted to gain access to some 15,000 protected devices – failing to crack 7,775 phones.